|Intelligent Automation & Soft Computing |
A Review on Privacy Preservation of Location-Based Services in Internet of Things
College of Computing and Informatics, Saudi Electronic University, Saudi Arabia, Riyadh
*Corresponding Author: Raniyah Wazirali. Email: firstname.lastname@example.org
Received: 07 April 2021; Accepted: 12 June 2021
Abstract: Internet of Things (IoT) has become popular with the rapid development of sensing devices, and it offers a large number of services. Location data is one of the most important information required for IoT systems. With the widespread of Location Based Services (LBS) applications, the privacy and security threats are also emerging. Recently, a large number of studies focused on localization and positioning functionalities, however, the risk associated with user privacy has not been sufficiently addressed so far. Therefore, privacy and security of device location in IoT systems is an active area of research. Since LBS is often exposed to attacks, it has privacy concerns, such as the privacy of a user’s current location, which could include personal details. If the user’s current position is compromised as a result of unauthorized access, it may have serious consequences. As a result, maintaining user privacy while achieving precise location remains a challenge in IoT. In this paper, we survey different challenges related to the privacy and security of user’s location in IoT systems. First, we provide in depth analysis of several studies related to this issue. Secondly, we propose potential solutions to address the problem at hand. Finally, we discuss some limitations that still require attention through related case studies.
Keywords: Privacy-preservation; IoT services; location information
Over the world, increasing development has reshaped our lives with the emerging technology of the Internet of things (IoT) and has become an integral part of our daily activities. IoT has provided various technologies and facilities in every field of life . For instance, safe and smooth driving experience using IoT based cars that interact with other vehicles and traffic rules to be safe, data collection of our body system, health monitoring, and daily activities using wearable tools and gadgets and smart home devices that are capable of enhancing the quality of life . According to the prediction of IoT analytics, it is estimated that 34 billion IoT devices would be connected by 2025 . Moreover, IoT will play a significant role in the growth and development of data generation and the rapid increase in the amount of IoT instruments and devices . In addition, it has been estimated in the International Data Corporation’s 2013 report, that in 2013 and 2020, data increases from 4.4 to 44 zettabytes that could lead to 180 zettabytes by 2025 .
IoT devices have diversity in privacy protection, but most have disadvantages of power consumption and limited computational. So, many conventional privacy preservation techniques based on IoT did not prove successful . Recently, new practical techniques and methods (Machine learning (ML)) have gained attention to address and enhance the conventional privacy preservation approaches limitations. IoT-based devices interact and generate shared network systems, software, hardware, and application and process data. In new techniques, there is an opportunity to enhance previous operations and guide the automatic procedure. It is predicted that organizations’ IoT projects based on approach machine learning were 10% in 2017, increasing to 80% by 2020 . IoT produces many data that provide a platform to advance devices for data collection, monitoring, and processing of services of privacy protection. There are a privacy preservation operations like authentication, access control, regulatory compliance, and data aggregation of organizational data owners, users, and collectors enhanced using machine learning devices. Among various IoT, data components become protected, secured, and minimized contextual raw data sharing using ML-based devices. The risk related with user privacy has not been adequately addressed so far. Therefore, privacy and security of device location in IoT systems is an effective area of research. Since LBS is often exposed to attacks, it has privacy concerns, such as the privacy of a user’s current location, which could include personal details. If the user’s current location is exposed as a result of unauthorized access, it may have severe concerns. As a result, providing user privacy while attaining accurate location remains a challenge in IoT.
In an IoT environment, privacy must be a significant concern; for instance, privacy issues may arise in different phases of data sharing and interaction due to a large number of location information generation and collection in IoT devices. Location-based information in the IoT includes sensing, detecting, storing, processing, sharing, and using data among devices [8–14]. A GPS sensor gathers information of locations that could be very sensitive for few uses. A consistent and flexible approach of privacy preservation-based services has dominant importance in the field of Information technology. It should be in mind that computational cost and energy resources are considered as a priority while selecting any privacy preservation technique in the IoT ecosystem. The following list highlights the privacy concerns within the IoT ecosystem as given below:
(a) Identification: While using any intelligent device, identification is an essential factor to know whether inventions in the field of the internet and communication devices like computers, mobile devices have become ubiquitous, networking, and some other technologies the Internet of Things (IoT) now have a significant role in the modern lifestyle, which is fundamentally changing science and society. Moreover, the applications based on the users’ current location are rapidly expanding. Wireless technologies, RFID, 3G and 4G networks, Bluetooth, GPS systems, and other networking technologies are used to link networks of objects in the Internet of Things. This network allows the objects or “thing” to have unique identification and some backend system pattern of activities to communicate with each other by using cloud computing, web portals, or mobile computing. Keeping in view the pace of innovation in this industry it can be predicted that usage of IoT will exceed that of the Internet 30 times over and market worth will be more than $100 billion. Our day-to-day activities will become uprising as a result of a merger between location-based services (LBSs), communication, and computing technologies. Both technologies play an important role in the world of the Internet of Things. Location-based services are being used in mobile devices more conventionally and become a very important element in developing the Internet of things. Usage of RFID technology and mobile logistic information collection in mobile devices highlights the importance of IoT. In an organization, identifying any user or system could be a serious issue . There is a need to obtain a system that gives the device’s identity to all connected authorized party’s devices simultaneously. Authorized users should know about connected devices’ identity to differentiate them from other instruments [16–18].
(b) Authentication: Authentication is a challenging task in privacy preservation that requires proper authentication servers and frameworks to attain their goal through transmitting appropriates texts to other connected nodes to network devices. IoT-based privacy preservation techniques are lack of exchanging multiple messages to authentication servers like RFID approaches. These approaches do not exchange information to sensor notes as well [15,19].
(c) Data Integrity: While any cyber breach, cybercriminals can be affected by various data control factors as they often face data changes during data transition, server outages, and electromagnetic intrusion. Data integrity is a valuable method to prevent data transmission and reception from external disturbances and cybercriminals’ involvement using basic security surveillance methods. Therefore, in this case, without identification of threat system cannot exchange the data among users. Checksums and cyclic redundancy checks (CRC) ensure data accuracy and reliability using the error detection method [15,17].
(d) Trust: Trust is a multifactor term in various disciplines, dimensions, and concepts. It is more complex to establish and identify because of covering broad scope than security concerns in intelligent devices. Moreover, it is related to privacy concepts in which professionals use to identify any user’s personal information about whether, when, and to whom he/she could disclose their privacy leaks . In permeating systems or IoT devices, many studies aim to enhance identity trust and attain privacy preservation. Therefore, a user will adopt the policies, beliefs, and Security of manufactured devices before sharing personal data with other instruments .
(e) Data Confidentiality: Data confidentiality prevents the users and confirms that sensitive information is trusted through using different mechanisms to secure unauthorized leakage. Security methods of data protection from illegal users are individually identified includes data encryption, biometric verification, and two-stage authentication of two dependent users . For example, in IoT-based intelligent devices, data do not appear to other unauthorized readers, nor can they view sensor nodes or data labels .
In this paper, the author explains the location-based services on Section 2 and this include: Location Awareness, Location Information via GPS, Location Information Through Wireless and Location Using Cellular Network. Then, in Section 3 the paper discusses the privacy issues of location-based privacy follow by deliberating the existed works of location-based privacy. In Section 4, the paper analyses some related works and give the weaknesses and the strength of each method. Finally, Section 5 provides the conclusion.
2 Location-Based Services
In the Internet of things (IoT), there is a variety and broad use of LBSs in smartphone applications. Smartphone applications that users use and run on Androids or iPhones like group calendars, digital banking, and social networking (Facebook, WhatsApp, Twitter) often enable users to enhance the availability of devices services and access remote data anytime and anywhere. Consequently, almost every mobile phone, there are some examples of LBSs daily, including searching for a restaurant in the vicinity and searching the nearby area for shopping deals or discount shops. The lifestyle and the way of communication have improved using and sharing location information. The exchange of location data among servers, users, or ordinary people makes socialization easier through mobile location-based services.
A few years ago, studies estimated and found that most youngsters use SMS/text/messages to interact with other friends and organize parties or seminars . After that, mobile applications like WhatsApp, Facebook, Instagram, etc., in the cell phone industry significantly entered through SMS evolution. In addition, all smartphone applications take over the conventional use of messages with the extensive use of iOS, Android cell phones and Windows mobiles, SMS, and VOIP apps functioning on 3G, 4G, 5G, and wireless networks. These applications are considered social location information leakage sources that share location-based services and data to friends and other connected users . Mobile applications like “WhatsApp” and “Viber” with cross-exchange capability offer users to share locations using audio, video texts, text messages, photos to other users without any cost via wireless Internet. Child location services are different location-based services that are also becoming common .
2.1 Location Awareness
In traditional methods, only usernames, passwords, digital certificates, and other information are used to identify the user’s location using just computer systems or authenticating individuals—IP addresses of users and time of access to the area often recorded in conventional methods. Recently, location awareness has become a common term among smartphone users—this term initiated from location and configuration information of networking. Moreover, network configuration and location information and notification of information changes in application are services provided in Network location awareness (NLA) . This term has been evolved with the emerging technology of GPS and radio-equipped mobile gadgets. In Mobile devices and pervasive computing system providing location data as well as identity authentication becomes more useful. Identity of location information using the combination of these two terms defines the location based services. There are three methods that Hopper describes commonly used to save location data : 1. Coordinates: It is a 2D or 3D trajectory of real values that showing the distance of a specific origin from an entity; 2. Proximity: Showing how much two or more than two entities are close to each other using a real numbers rounded to binary value; and, 3. Containment: a number showing the total of integration of various entities.
2.2 Location Information via GPS
In 1972, the first research was conducted on the Global Positioning System (GPS) when United States Air Force (USAF) used ground-based pseudo-satellites to try development flight assessments of two prototypes of GPS operators on white sands missile range. Therefore, in the 1990’s gulf war first time GPS satellites were extensively used . GPS receivers equipped with any device provide calculated precise timing of the signals sent out by GPS satellites. Usually, two dimensional (2D) operational mode required calls from 3 satellites. The 2D operation mode would not provide the elevation reading but calculate the horizontal coordinates. The 3D operation mode required four satellites that provided information on both the horizontal and elevation coordinates. Time is noted when the message is sent through satellite and transmitted from satellites and satellite’s point at message sending. So, a minimum of four satellites received the message and a GPS receiver will obtain the time sent and position of satellite by calculating message transmission. The location procedure is as follows: the GPS receiver calculates the distance of four satellites from each satellite to locate these four satellites and their location. A mathematical principle called Trilateration was used to start this process. This principle is based on using geometrical shapes of circle, sphere or triangles to measure the distance points and relative and absolute location of each point as well. Consequently, latitude and longitude information along with altitude information sometimes obtained through a GPS navigation device.
2.3 Location Information Through Wireless
With the development of wireless equipment, wireless devices connected to Wi-Fi signals obtained through wireless local areas networks (WLANs) are attracting more applications worldwide that called as Wi-Fi-based positioning systems (WPS). There are two methods of positioning in Wi-Fi access points using the localization mechanism. The first one is based on calculating the intensity of received signals, while the second one is based on WLAN fingerprinting . A WLAN fingerprinting method is also called scene analysis or pattern matching technology. Its functioning setting is observed, and devices’ current location is estimated via those observations . This technique estimates that every physical location contains a rare fingerprint that is similar to human fingerprints and various characteristics in wireless signal space. Fingerprinting technique further has two phases of operating procedure. In the first phase, WLAN scanning and online locations are executed along with the map construction using the offline sampling phase. At the same time, the second phase is based on real-time monitoring of WLAN measurements to locate the WLAN devices .
2.4 Location Using Cellular Network
GSM localization is a positioning system of obtaining device location via the cellular network. Radio towers are used to locate any device performed by multilateration of radio signals among two networks of two towers and devices. Multilateration is a navigation method in which the variation of distance of two or more than two locations are measured by recording the signals at known times . Excitingly, an active phone call is not required in this process of location searching. The signals strength of any antennae masts in vicinity area provide location signals to GSM. Following is the working procedure of GSM localization method: GSM enabled devices send calls through base stations that processed these calls to other networks. Then, general location or geographical area of any device determined in a base station. Other base stations likewise connect with the GSM empowered gadget and if data from a few base positions assembled, the area of the gadget can be limited utilizing triangulation. Triangulation is the way toward deciding the area of a location by estimating points from recognized focuses over one or the flip side of a fixed standard .
3 LBS Security Problems
In location based services (LBSs) GPS application used to obtain users current location where he/she is living via smart devices like Android and iOS devices. This location information is obtained when the LBS server receives a text question of his location. This query will allow LBS server to locate the user’s location via returning points of interest (POIs) near the uses like available vehicles in the vicinity, any restaurant, and obtain just-in-time tickets. Though, the linked possible privacy issues may offset the benefits. For instance, a cybercriminal could collect all queries and sensitive data sent to the LBS server of any particular user about his workplace, attitude, and personal profiles [34,35]. Moreover, in the greed of money and other strategic benefits, the LBS server may disclose the user’s sensitive information to a third party. Expectedly, in recent research studies, LBSs are a hot topic of privacy-preservation. The study’s objectives are to identify the conventional methods of privacy preservation, location-based services in the IoT ecosystem; and privacy and security challenges and issues related to these data prevention approaches.
4 Related Works
In recent advanced and technological development, many advanced types of research have been studied on the preservation of Privacy for IoT-based services [36,37]. The most focused solution to preserve privacy and handle massive amounts of data is the association of IoT and cloud computing. Location-based services have been gaining attraction among users in a recent era with widespread positioning technologies, wireless communication devices, and mobile wireless-based devices [38–40]. IoT may significantly impact users’ data privacy as massive amounts of data are collected and shared with other devices. Furthermore, there are many challenges regarding user’s Privacy from authorized parties and the collection of personalized and computational data in IoT . Location information is a primary source of leaking someone’s location privacy that further impacts the data handling or processing of the Internet of Things (IoT). Therefore, location data is a massive component of the inefficient portfolio, supply chains, effective transportation systems, mobile applications context-aware, and many other IoT-based services . Moreover, delicate location data is handled or organized without users’ permission could cause privacy attacks and threat consequences, leading to severe challenges for the Security and Privacy of IoT services [43–45].
Henze et al. suggested a user-driven privacy enforcement method that studied Privacy-preserving for single end-user for cloud-based services in the IoT . Another research proposed the idea of PAgIoT, a Privacy-preserving Aggregation protocol that allows groups of entities for appropriate IoT settings and allows PAgIoT, a Privacy-preserving Aggregation protocol along with the permission of value correlation for privacy-preserving . In , a trust model of inconsequential privacy-preserving had been designed to minimize the privacy losses in the presence of unauthorized service providers. While using this model, the provider could be secured from disclosing information to third parties for illegal use. The authors in  conducted research work for roaming service to provide standard roaming capability and multilayered privacy preservation using a conditional privacy-preserving authentication with access linkability (CPAL). In , authors presented the idea of available resources and time duration for attackers that showed the trade-off among the handling load for an IoT note in contrast with the desired time limit of privacy preservation and estimated cost of breaking public-key cryptosystem as well. In addition, Jin et al.  discussed the architecture of smart cities realization by the Internet of things (IoT) that includes a complete urban localization data system and presents a transformational role of a conventional cyber-physical system. The authors in  suggested a privacy-by-design (PbD) technique to design new platforms for IoT devices. They could guide software engineers to analytically access the middleware platforms and IoT application’s privacy capabilities.
This paper  presented a solution for IoT-based location privacy. Their project approves order securing symmetric encryption (OPSE) and k-anonymity method based on a uniform grid system. So, the anonymizer could only execute superficial similarities and differences of operations because of unawareness of the user’s actual location information. In their proposed approach, they used to transform the user-based grid framework into a uniform grid framework by employing an entity of conversion capability. This permit user to avoid repeating queries from various users at the same query location base with a combined caching system that resultantly minimizes the overhead of the LBS server. Using this idea, it was concluded that user’s location privacy could preserve by decreasing overheads at LBS server and anonymizers. In  research, they presented the collaborative trajectory privacy-preserving (CTPP) scheme for nonstop queries. There is no need for any completely trusted entities to guarantee a trajectory privacy through caching-aware collaboration between users in this scheme. Their scheme’s primary aim is to confuse LBS attackers by complicating the actual trajectory and issuing fake requests or queries. Moreover, they used to collect important information from multi-hop peers that was based on combined caching with the help of a multi-hop caching-aware cloaking algorithm. They then introduce a collaborative privacy-preserving fake queries-based algorithm to confuse the location service provider (LSP). The resultant verification of their scheme proved to be effective and efficient in processing time and cost of communication.
The authors of  research aimed to study previous or traditional studies to examine the limitation and future opportunities of using machine learning-based (ML) IoT privacy solutions. First, they explored, collected, and categorized various data sources in IoT. Then, they analyze the existing solutions designed, established, and performed to protect IoT privacy concerns. The authors of  study ensure location-based privacy by comparing the Enhanced Semantic Obfuscation technique (ESOT) with a simple location obfuscation mechanism. Consequently, they concluded that ESOT has more computational overheads as compared to Simple Obfuscation Techniques. A novel Obfuscation technique is proposed to ensure the location privacy and get rid of Privacy and computational overhead. In , researchers aimed to describe and focused on possible location privacy risks of road networks provided and their protection methods in LBSs. They investigated various attacks (co-relation attack, inference, and intellectual merits attack) with possible broader impacts over LBSs for vehicular ad-hoc networks and provided (V ANET) users. Other objectives of the research were to provide effective and prolonged location privacy solutions and approaches.
In  paper, they proposed an efficient k-anonymity based Dummy Location and separate Circular Area (k-DLCA) approach to secure the user’s location privacy. Compared to previous research, the k-DLCA algorithm attains a greedy method to select locations and showed resistance from adversary attacks with less chance of data exposure. Recently, there has been much research about protecting and preserving Privacy with quick response . Therefore, those researches can be summarized into two main methods: spatial and temporal cloaking and transformation of the user’s location. In this paper, a new architecture is proposed by attaching a database to the existing gateway mobile location center (GMLC) in the mobile core network to protect user privacy and reduce response time. The results show that the new architecture protects user privacy well and reduces response time. A research study in  conducted privacy preservation of users’ mobile phones in location-based Cyber Services (PPCS) by proposing a region-of-interest division-based algorithm. As compared to previous preserving methods, their suggested PPCS method produces dummy location information during specific locations’ semantic data. The user’s actual location exposure will exclude or minimize by enabling the generated sites of the PPCS algorithm. They analyzed and described that PPCS is prone to both plotting attacks and implication attacks. Moreover, they utilize extensive simulation to demonstrate and evaluate the proposed method effectively.
Authors in  first identify the threats to both global navigation satellite systems (GNSS) and non-global navigation satellite system (n-GNSS) and their solutions. They then proposed concrete cryptographic keys for location and positioning-based services in IoT devices’ privacy and security threats. Consequently, they describe the state of art of policy rules preventing positioning resolutions and legal instruments to location information privacy. The studies reviewed in this literature provided information on IoT-based positioning system and localization in terms of technical and legal aspects and their security and privacy issues. They also aimed to suggest recommendations and visions for future IoT-based vigorous, secure, and privacy-preserving location-based ideas. In  literature study, they presented a privacy preservation method based on radius-constrained dummy trajectory (RcDT) in MSNs. For location information where the client sent LBS query, they propose trajectory (RcDT) in MSNs idea to view a user’s reallocation by constraining the generated circular radius R. Additionally, this method leads to a comprehensive study of both risks of the single-location exposure and trajectory exposure threats.
In  study, authors proposed an advanced location privacy preservation mobile app, called MoveWithMe. This app hides the actual user’s location and behavior by generating decoy queries in the user’s app while using location-based mobile devices. MoveWithMe behaves like an actual human who quickly identifies the threats compared to previously studied research on dummy trajectories. Moreover, every decoy has semantical variation from all other real user’s traces and specific geographic locations using different moving patterns, daily schemes, and social attitudes. This study  proposes a responsible rethought LBS privacy-preserving plan. In the rethinking situation, to cause clients to cooperate with cloud workers to acquire inquiry information, first and foremost, they develop area various leveled list and quality progressive file dependent on Bloom Filter. Furthermore, they partition one locale into nuclear areas utilizing Hilbert Curve, which guarantees the Privacy of questions and improves inquiry efficiency. Finally, they understand the sharing of scrambled information among various clients by responsible intermediary re-encryption (APRE) innovation, which can successfully reduce the intermediary re-encryption key .
Above described techniques for privacy preservation in IoT devices provided opportunities and limitations in their uses as shown in table. For last years, location privacy has been a significant factor in the demanding developmental era. Moreover, most of the devices developed and commercially used because accuracy of devices is limited to few applications along with the availability of specific service providers.
In order to support innovation development effective and efficient location based services (LBSs), used to aware the servers on the basis of location and positioning information of Wi-Fi frameworks. Following is the table presenting the strengths and weakness of existing LBS techniques:
Although this paper presents review on privacy preservation of location-based services in Internet of Things, the approach can be generalized and made applicable to many other applications within privacy applications. This IoT location study is urgent and essentially to assist dealing with massive crowds and gatherings which can also produce fast statistical information to be dealt with via visualizations [70–74]. On the other hand, The work confidentially consideration is becoming vital problem affecting all IoT data. Because of high location mobility streaming demand, specific security methods could help solving this issue via light-weight cryptography and proper security .
Privacy has become the top of the significant suggestions as to the IoT devices. Protection prolonged methods obscurity in the IoT. Reporting and information mining inside any IoT situation could shape expected damage to people because of the programmed interaction of information assortment, their capacity, and how individual information can be effortlessly shared and examined. In addition, the establishments and guidelines for advanced protection were set up specific years before the Internet incorporation. These guidelines manage the assortment of information and access privileges and guarantee right. That is not true anymore today. At its most straightforward definition, protection implies giving clients the alternative to control how their gathered individual data may be utilized, explicitly for auxiliary utilization and outsider access. For instance, in the online climate, security decisions can be practiced by just clicking a container on the program screen that demonstrates a client’s choice concerning utilizing the data being gathered. The idea continued as before in the advancement of long-range interpersonal communication, where clients on Facebook show to whom and to which degree their data can be uncovered. These are known as the standards of notice and decision.
The major consequence faced in the development of the Internet of Things is “Privacy”. Information collection and reporting within an IoT situation can be harmful to individuals because personal data can be easily shared due to automation in the process of data collection, storage, and assessment. Unfortunately, security and privacy issues have not always gotten the attention they merit when developing IoT devices and systems, resulting in widespread security issues that affect protected localization, location data, and location based services IoT. Context-awareness is a key feature of IoT, and location data and location-based services play critical roles in such systems. The demand will increase for the use of LBS in terms of technology,
One of the upcoming market trends is the rising popularity of cloud-based analytics. Retailers can boost their sales volume and profitability by using big data analytics to improve their understanding of customer market trends. Improve the search experience for customers big data analytics are used by location-as-a-service companies to provide cloud-based and mobile LBS web services that can incorporate real-time location data.
Recently, a number of traditional methods have been proposed to preserve the privacy of IoT systems and the localization data of the users. When transmitting the information between the devices, the traditional methods of obfuscation simply substitute the true location data with a fake location data. Whereas, some methods aim to avoid the disclosure of unnecessary information, while others rely on access control and anonymization strategies like mix zone. Furthermore, there are numerous solutions for improving the robustness, stability, and privacy of LBSs in the IoT. They always come with hefty costs and necessitate advanced knowledge in order to be properly implemented. All of these methods have certain limitations, therefore keeping in view the aspects of the IoT system and its heterogeneity, it is essential to investigate and research reliable solutions.
Funding Statement: The authors received no specific funding for this study.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
|This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.|